Application Security Manager Sales - Melville, NY at Geebo

Application Security Manager

JOB Summary:
Please provide concise description of the main job function.
The Henry Schein Applications Security Manager (ASM) is responsible for ensuring the security of the portfolio of software applications that support the most sensitive and strategically important enterprise business processes. The software portfolio includes internal applications (traditional, web based, cloud, mobile, and mainframe (IBM iSeries / AS 400 with JDE)) hosted on a securely designed segmented network, Software as a Service (SaaS) applications, and applications that are internally developed for sale to customers. The Application Security Manager is experienced in software development (i.e. traditional Waterfall and Agile) and secure software development standards, processes, and testing. The ASM advises the stakeholders of required technical and process security controls and ensures compliance with legal and regulatory requirements with the objective of managing the businesses' application security risk. The ASM is accountable for all cyber security activities that are relevant to the business' application development, acquisition, and / or sale. Under the direction of the Global CISO, the ASM is a critical member of the team that implements Henry Schein's Global Cyber Security Program to protect the confidentiality, integrity, and availability of information assets and intellectual property aligned with the global cyber security strategy.
Responsibilities include primarily the driving of secure software development activities within all Henry Schein businesses, through effective risk management, strategic, tactical, and operational execution, and compliance oversight. The ASM will accomplish these responsibilities by establishing and maintaining partnerships with the cross organizational applications development and quality assurance teams, leveraging effective collaboration and communication. The ASM is responsible for influencing, improving, and driving the incorporation of security principles into business software products from the requirements specification and architecture stage through to coding, quality management, deployment, and monitoring, culminating with regular and formal reporting via dashboard and metrics.
ESSENTIAL RESPONSIBILITIES & ACCOUNTABILITIES:
Provide Applications Security oversight, accountability, and direction for the Global Practice Solutions Group (GPSG) business development of software solutions (i.e. stand alone, networked, and cloud based) marketed to our customers. Ensures that secure software development practices, standards, and methodologies are implemented and complied with during development, at initial distribution / implementation, throughout its useful life, and as updated. Ensure that the software is securely deployed in customer environments and / or as part of the Henry Schein cloud provided service.
Provide Application Security oversight, accountability, and direction for the Business Systems and eCommerce teams, and other business area applications. Ensures that business application systems security is in accordance with secure application development standards to address identified risks. Responsible for articulating application security risk in business language.
Develop standard Secure Software Development Life Cycle (SDLC) processes. Facilitate the implementation of the Secure SDLC processes across relevant stakeholders including business, technology, and security stakeholders. Ensure ongoing compliance with Secure SDLC processes. Incorporate security requirements (i.e. standards, tools, and processes) into PMO Life Cycle process. Ensure on an ongoing basis the proper security design (i.e. requirements and architecture, authentication, encryption) development, test (i.e. code reviews, static, and dynamic testing), implementation of the software solutions and environments (i.e. network security), threat modeling and risk assessment / identification / remediation, regular vulnerability assessments and penetration testing is conducted, and incident response capabilities are in place and tested. Establish third party developer and / or provider (i.e. SaaS) security requirements and validation requirements for these solutions. Ensure the secure integration and interface of systems to support required business processes. Ensure the protection of data at rest and in motion during its lifecycle and flow / processing through these systems.
Support the applications compliance activities of the businesses pertaining to international laws, regulations, and standards (i.e. ISO, PCI, HIPAA, SOx, and Data Privacy, Data Breach, International Privacy). Establish and maintain a compliance control framework to include the above and COBIT, COSO, ITIL, SANS, NIST and other relevant standards and frameworks.
Establishes, Leads and Facilitates the creating and ongoing operation of the Applications Security Governance Process and Steering Committee and creates and maintains the Applications Security Dashboard with applicable Metrics (from all areas of responsibility) to provide an Applications Security and Risk picture for the company. Provide regular application security assessment reports to local management and the HSI Global CISO, to include security incidents (immediate reporting), findings, remediation plans, and current status. Create and maintain a comprehensive applications catalogue.
Collaboratively partners with all functions and levels of the organization (GPSG businesses, Corporate (i.e. OCS, Global IS (software development, quality assurance, ecommerce, business systems, infrastructure) Internal Audit, Risk, Legal / Regulatory / Compliance) to provide direction for Application Security initiatives internally and with third parties. Assists software development and quality assurance teams in identifying and implementing controls to mitigate the threats to the organization's applications. Identifies and recommends security solutions to meet the changes in technology and business operations.
In addition to the essential duties and responsibilities listed above, all positions are also responsible for:
Meeting company standards pertaining to quantity and quality of work performed on an ongoing basis, performing all work related tasks in a manner that is in compliance with all Company policies and procedures including WorldWide Business Standards.
Adhering to Company policies, procedures, and directives regarding standards of workplace behavior in completing job duties and assignments.
PHYSICAL ACTIVITIES:
This position will be working in an office environment, utilizing typical office equipment.
Experience:
BS or higher in Computer Science or equivalent
7 - 10 years of experience in a technology focused environment, specifically in Information / Cyber Security and / or software development.
3-5 years of related Information Security experience.
7 - 10 years of secure software development experience (standalone, web, cloud).
SPECIALIZED KNOWLEDGE AND SKILLS:
AS 400 iSeries, web technologies and web application development and OWASP Top 10, Worldwide Web Consortium (W3C), Cloud Security Alliance (CSA), Web Application Consortium (WASC), Common Weakness Enumeration (CWE) / SANS Top 25 Software Weakness Types.
Secure Software Development Life Cycle (SDLC), related standards and frameworks, and legal requirements for information protection (i.e. HIPAA, PCI, GDPR)
Knowledge of general aspects of information security, information technology, and software development is required.
Strong organizational skills and demonstrated ability to be detail-oriented.
Demonstrated ability to communicate effectively with peers and all levels of management.
Ability to work in a highly collaborative and consensus driven environment and comfortable with ambiguity and change in a fast paced environment.
Previous experience using a structured software development methodology.
OTHER:
CISSP Preferred
CISA Certification Preferred
Henry Schein, Inc. is an Equal Employment Opportunity Employer and does not discriminate against applicants or employees on the basis of race, color, religion, creed, national origin, ancestry, disability that can be reasonably accommodated without undue hardship, sex, sexual orientation, gender identity, age, citizenship, marital or veteran status, or any other legally protected status.
Estimated Salary: $20 to $28 per hour based on qualifications.
